
Euiopeit ches Patentamt 
European Patent Office 
Office europeen des brevets 



(2) Publication number 



0 179 612 

A2 



EUROPEAN PATENT APPLICATION 



(ji) Application number: 8S307456.B 
© Dele of filing: 16.10.85 



@ int. ci*: H 04 N 7/167 



@ P 



rionty: 26.10. M US 665114 



(3) Dete of publics! ion of application: 
30.04.86 Bulletin 86/16 

(**) Designated Contracting Steles: 
BE CH DE FR GB IT LI NL SE 



© Applicant: GENERAL INSTRUMENT CORPORATION 
767 Fifth Avenue 

New York New York 10153IUS) 

(2) Inventor: Home, Donald 
20 EdgeclrrJ GoKway 403 
Don Mills Ontario(CA) 

@ Representative: Allam, Peter Clerk et al, 

LLOYD WISE, TREGEAR ft CO. Norman House 1 05-1O9 
Strand 

London WC2R OAE(GB) 



Cryptographic s yriem for direct broadcasl satellite network 

(j?) A three key cryptographic system is used in the trans- 
mission of digitized signals to a plurality of receivers, each 
(Figure 2) having a unique address number end a factory 
stored signature key which is a function of the address 
number. At the transmission end, a common key is gener- 
ated (14) end used to encrypt (16) the signals to be 
trentmrtted. The signature key is generated (20, 22) for each 
receiver unit by encrypting the address number of the unit 
(18) using a secret mester key (20). The common key is then 
encrypted (16) for use by each receiver using the generated 
signeture key for that receiver. A data stream is inserted into 
the horizontal blanking intervals of the composite video 
signal. The data stream includes the encrypted signals 
receivable by all receivers and addressed portions, each 
receivable by a different receiver, containing the encrypted 
common key for that receiver. The receiver decrypts (26) the 



stored and protected. 
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20 CRYPTOGRAPHIC SYSTEM FOR DIRECT 
BROADCAST SATELLITE NETWORK 

The present Invention relates to 
cryptographic systems and, more particularly, to 
25 a cryptographic system for use in a direct 
broadcast satellite communication network 
to permit the reliable, secure transmission of 
audio and control signals. 
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The availability of small, low-cost 
television receive-only terminals 1n recent 
years has resulted in an increasing demand, for 
direct broadcast satellite services. Such 
services include Pay TV, tele-conferencing, 
tel e- semi nar , private broadcast networks, and 
the like. Moreover, as receive only television 
antenna technology improves and the cost of 
television receive-only terminals decreases, 
the demand for direct broadcast satellite services 
is expected to increase. 

Unlike land lines and terrestrial 
microwave links, satellite transmissions lack 
privacy. Such transmissions can be received 
by any TV receive-only terminal whose antenna 
is situated to receive the satellite signals. 
Accordingly, the secure transmission of video 
and audio programming and data signals is 
required to provide the privacy essential to 

many applications. 

A simple example of a direct broadcast 
satellite network in which security is required 
is one which broadcasts television signals to 
paying subscribers. Since any receiver having 
an antenna in the broadcast signal area can 
receive the sat el 1 i te s i gnal s , it is necessary 
that the signals be encoded in a way which 
can be decoded only by subscribers' receivers. 
Certain subscribers may have paid for certain 
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programs or program groups, whereas others may 
have paid for other programs or program groups. 
The signals must then be further encoded such 
that subscribers who have paid for particular 
5 programs or groups of programs can receive 
same, while other subscribers cannot. 

In addition, it may be desirable to 
design the system such that a particular 
subscriber can preview a program and then 

10 decide whether he/she wishes to watch the 
program and, hence, pay for the privilege. 
In such an impulse pay-per-view system, the 
decision of the subscriber must be recorded 
and communicated to a billing facility for 

15 appropriate billing. In such instances, the 
control signals to the subscriber's receiver 
Instructing the receiver u ow to communicate 
with the billing office rr.^st be secure in order 
to eliminate the possibilities lor theft of the 

2 0 service. 

In the direct- broadcast satellite 
service in which the cryptographic system of 
the present invention is used, the video 
signals are processed and transmitted in 
25 analog form. Audio signals are digitized and 
transmitted 1n digital data form. Addressable 
control data is organized into packets according 
to address and transmitted in the same digital 

30 
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form es the audio signals. All of the signals 
are combined in baseband using ti me - di v i s i on- 
multiplex techniques. The combined baseband 
signal is then transmitted over the satellite 
5 link to subscribers 1 receivers using FM 
modul at i on . 

In general, the transmission end 
equipment consists of a program processing unit 
and a real time controller. The program 

10 processing unit performs video signal processing 
and scrambling, audio digitization, encryption 
of the audio data, and baseband signals time 
multiplexing. The real time controller 
generates the audio cryptographic keys, encrypts 

15 the addressable control messages, generates the 
packet messages in accordance with the 
transmission protocol, maintains the user data 
base and communicates with other processing 
units,. 

20 The receiving end equipment includes 

an addressable controller decoder designed for 
use with a receiver which has the necessary 
interface for interaction with the decoder. 
The addressable controller-decoder demultiplexes 

25 the baseband signal, controls the terminal, 

descrambles the video signal, decrypts the audio 
data, and converts the audio data into analog 
form. 
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The baseband signal utilises a composite 
video signal format which includes active video 
portions and horizontal blanking interval 
portions. The two audio channels and control 
data channel occupy a portion of the horizontal 
blanking intervals. The video frame 
synchronization information and the zero level 
reference are transmitted during the vertical 
blanking interval. The audio data and the 
control data are transmitted in a burst, 
synchronous mode. The data is non-returnable 
to zero binary encoded. 

A two-level video scrambling screen 
is used. The first level is achieved by removing 
15 the line and frame synchronization pulses 

completely from the video signal. A unique 
sync word is transmitted in the vertical 
blanking interval for synchronization purposes. 
The addressable contro 1 Ter- decoder establishes 
synchronization by searching and locating the 
sync word. Once the sync word is located, all 
the sync pulses are reconstructed with 
reference to the sync word. This technique is 
used in conjunction with video signal inversion, 
which is the second security level. The 
sequence of video inversion is controlled by 
a binary bit stream at the transmitting end. 
The same bit stream 1s used to recover the 

30 
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inverted signal at the receiving end. 

Unlike video scrambling, a highly 
secure audio encryption system can be achieved 
relatively inexpensively. The decryption 
circuit, being totally digital, can be implemented 
using semi-custom or custom integrated circuits. 
It is highly important that the encryption 
system employed achieve zero transmission error 
propagation, that is, one bit in error in the 
encrypted bit stream results in only one bit in 
error in the decrypted bit stream. 

The system uses an encryption scheme 
in which the clear audio bit stream is 
combined with the bit stream generated by a 
stream cipher using an exclusive OR operation. 
The receiving end decrypts the audio bit stream 
using the same stream cipher bit stream. The 
stream cipher bit stream is generated by a 
secret key and an i n i t i a 1 i z i n g vector . The 
algorithm for generating the bit stream is 
secret. The secret key is used for the 
duration of the communication session and 
is transmitted in encrypted form through the 
control data channel. The initializing vector 
is used for the duration of each NTSC frame and 
is transmitted in the clear form in the 
horizontal blanking interval. Extremely low 
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error rate for the initializing vector is 
achieved by transmitting each bit many times. 

The addressable control data channel ' 
carries alot of sensitive information such as 
audio decryption keys and authorization tier 
levels. The present system is designed to 
prevent an eavesdropper from receiving the 
correct Information and to prevent a leoitimate 
terminal from receiving more information than 
is authorized. The encryption system 
utilized in the present invention uses the 
concept of different terminal keys. A different 
key is used for the encrypted transmission 
to each receiver terminal. In this way, even 
in the unlikely event that a terminal key is 
compromised, damage can be stopped quickly by 
deleting the key. 

The addressable control data are 
organized into blocks of 128 bits and 
encrypted using a secret block cipher. The 
length of the terminal key is 64 bits. When 
compared with the conventional Data Encryption 
System algorithm, the present block cipher 
has a larger block and a longer key. Accordingly 
brute force attacks on the cipher will take 
considerably more effort. 
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There will be described hereinafter an embodiment 
of the present invention that provides a cryptographic 
system for the reliable secure transmission of audio and 
control signals in a direct broadcast satellite network. 

The embodiment also provides a cryptographic 
system for use in a direct broadcast satellite network 
for the transmission of information to a large number of 
different receivers wherein the necessity for storing and 
protecting a secret key for each receiver is eliminated. 

It also provides a cryptographic system for 
use in a direct broadcast satellite network including a 
large number of receivers wherein only a single master 
key need be stored and protected at the transmission 
end. 

It still further provides a cryptographic 
system for use in a direct broadcast satellite network 
wherein the complexity of the system is contained in the 
transmission end and the various receivers are relatively 
simple and can be manufactured inexpensively. 

Stated more broadly, in accordance with one 
aspect of the present invention, a cryptographic system 
for the secure distribution of information from a 
transmission node to first and second receiver nodes 
is provided. Each of the receiver nodes has a unique 
address number . Means are provided 
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for generating a common key. Means are provided 
for encrypting the information to be distributed 
using the common key. Means are provided for 
generating a di f f erent 1 ndi vi dua 1 key for 
each receiver node. The individual key 
generating means comprises a master key and 
means for encrypting the address number for 
each receiver node using the master key. 
Means are provided for forming an individualized 
encrypted common key for each receiver node 
by encrypting the common key using the generated 
individual key for that receiver node. Means 
are provided for distributing the encrypted 
information to both receiver nodes and the 
individualized encrypted common key for each 
receiver node to that receiver node. 

The address number encrypting means 
preferably employs the Data Encryption Standard 
algorithm. The common key encrypting means 
preferably employs a block cipher algorithm. 

The means for forming individualized 
encrypted common keys comprises means for 
selecting each receiver node in sequence and 
for generating the individual key for the 
selected receiver node. Means are provided for 
generating the individual 1zed encrypted common 
key for the selected receiver node using the 
generated individual key for that selected 
receiver node. 
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The distributing means comprises 
means for generating a data stream. The data 
stream includes the encrypted information , 
and addressed portions. Each of the 
addressed portions comprises the address number 
tfrfcf tKf "Tfidi tffdual ized encrypted common key 
for an addressed receiver node. 

The information to be communicated 
comprises a digitized audio signal. This 
information is distributed through the use of 
a composite television signal including video 
signal portions and horizontal blanking 
intervals. The data stream is preferably 
inserted into the horizontal blanking 
intervals of the composite television signal. 

Each receiver node has a unique 
individual key stored therein. Each receiver 
node comprises means for receiving the 
encrypted information, means for receiving 
the individualized encrypted common key for 
that receiver node, and means for decrypting 
the received individual encrypted common key 
using the stored individual key. Means are 
also provided for decrypting the received 
encrypted information using the decrypted 
common key. 
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The common key decrypting means preferably 
employs a block cipher algorithm. The information 
encrypting means and decrypting means preferably' 
each employ a stream cipher algorithm. 
5 Preferably, means are provided at 

the transmission end for periodically 
changing the common key* Such changes may take 
place on a program- to- program basis or at 
prescribed time intervals. 

10 According to another aspect of the 

present invention, a three key cryptographic 
system for the secure distribution of 
information from a transmission node to a 
plurality of receiver nodes is provided. In 

15 the system, a first key is known only to the 
transmission node. Each receiver node has a 
unique address number and a pre-stored second 
key therein. The transmission node comprises 
means for generating the second key for a 

20 selected receiver node by encrypting the address 
number for the selected node with the first 
key. Means are provided for generating a third 
key. Means are provided for encrypting the 
information to be distributed with the third 

25 key. Means are provided for encrypting the 

third key for use by the selected receiver node 
with the generated second key. Means are 
provided for distributing the encrypted 

30 
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information to all of the receiver nodes and 
means are provided for distributing the encrypted 
third key for a selected receiver node to the 

selected receiver node. 

Each of the receiver nodes comprises 
means for receiving the encrypted information 
and means for receiving the third key for that . 
receiver node. Means are provided for 
decrypting the received encrypted third key 
with the stored second key. Means are also 
provided for decrypting the received 
encrypted information with the decrypted third 
key. 

The second key generating means 
preferably employs a data encryption standard 
algorithm. The third key encrypting means 
preferably employs a block cipher algorithm. 
The third key decryption means also employs 
a block cipher algorithm. 

Preferably, the third key generating 
means comprises means for periodically changing 
the third key. The information encryption 
means and Information decrypting means each 
employ a stream cipher algorithm. 

The stored second key is unique for 

* 

each receiver node; The stored receiver key - 
for each receiver node is a function of the 
address number of that receiver node. 
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In accordance with another aspect 
of the present invention, a three key 
cryptographic method for the secure information 
distribution from a transmission node to a 
plurality of receiver nodes is provided. A 
first key 1s known only to the transmission 
node. Each receiver node has a unique 
address number and a pre-stored second key 
which 1s a function of Its address number. The 
method comprises the steps of generating the 
second key for a selected receiver by 
encrypting the address number for the 
selected unit with the first key. A third key 
is generated. The information to be distributed 
is encrypted by the third key. The third key 
is then encrypted with the generated second 
key. The encrypted information is distributed 
to all of the receiver nodes. The encrypted 
third key is distributed to the selected 
receiver node. The distributed encrypted 
information and the encrypted third key are 
received at the selected receiver node. The 
received encrypted information is decrypted 
using the received encrypted third key and 
the stored second key for the selected 
receiver node. 
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The step of decrypting the received 
encrypted information preferably comprises the 
steps of decrypting the encrypted third key 
using the stored second key for the selected 
receiver node and decrypting the encrypted 
information using the encrypted third key. 

The step of generating the second 
key preferably comprises the step of 
encrypting the address number for the selected 
receiver node with the first key through the 
data encryption standard al gori thm. 

The step of encrypting the third key 
preferably comprises the step of encrypting 
the third key with the second key through a 
block cipher algorithm. 

The step of encrypting the information 
preferably comprises the step of encrypting 
the information with the third key through a 
stream cipher algorithm*. 

The step of decrypting the third key 
comprises the step of decrypting the third key 
by the stored second key for the selected 
receiver node through a block cipher algorithm. 

The step of decrypting the information 
preferably comprises the step of decrypting the 
information with the decrypted third key through 
a stream cipher algorithm. 
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In accordance with another aspect 
of the present Invention, apparatus for 
encrypting digitized signals in a direct 
broadcast satellite communications system is 
provided. The system includes a transmission 
node and a plurality of receiver nodes. Each 
receiver node has an address number and a pre- 
stored signature key which 1s a function of 
its address number. The apparatus comprises 
means for generating a common key and means 
for encrypting the digitized signals with the 
common key. Means are provided for generating 
the signature key for a selected unit. The 
signature key generating means comprises a 
15 master key and means for encrypting the address 
number of the selected receiver node using 
the master key. Means are provided for 
encrypting the common key for use by the 
selected receiver node using the generated 
signature key for that receiver node. Means 
are provided for distributing the encrypted 
digitized signals and the encrypted common 
key for the selected receiver node to the 
selected receiver node by means of a data stream 
The data stream comprises a first portion 
containing the encrypted digitized signals 
and receivable by all receiver nodes and a 
second portion comprising a plurality of 

30 
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addressed portions. Each of the addressed portions 
comprises the encrypted common key for the addressed 
receiver node and is receivable only by the receiver 
node having the address number upon which. the encrypted 
common key therein is based. 

The present invention will be further described 
in relation to a cryptographic system embodying same 
for use in a direct broadcast satellite network, the 
following description being taken together with the 
accompanying drawings, wherein like numerals refer to like 
parts, and in which: 

Fig. 1 is a schematic representation of the 
encryption system at the transmission end of the network; 

Fig. 2 is a schematic representation of the 
decryption system at each receiver terminal; 

Fig. 3 is a schematic representation of the 
encoding system utilized at the factory in order to 
set the receiver terminal memories for decryption of 
the distributed signal; and 
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F1g. 4 1s a schematic representation 
of the composite video signal over which the 
encrypted signals and key Information is 
transmitted. 

In general, the cryptographic system 
to be describee is designed for use 
1n a pay television distribution network and 
employs three keys to provide security against 
unauthorized program viewing. First, a master 
factory key 1s arbitrarily chosen as a system 
constant. Second, the master factory key 1s 
used 1n conjunction with an individual 
subscriber unit address to produce a second 
key, called a subscriber unit signature key, 
unique to each subscriber. 

A third key, the common audio 
decryption key, is arbitrarily chosen to encrypt 
the audio signal at the transmission end. The 
third key 1s distributed to each authorized 
subscriber through the use of the first and 
second keys. 

At the factory, the subscriber unit 
signature key is pre-loaded Into a memory in 
a specific subscriber receiver unit. To 
distribute the common audio key, it is 
encrypted using the subscriber unit signature 
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key as the key input of a unique block cipher 
algorithm. The resulting encrypted common audio 
key is delivered to the specific subscriber, 
by an addressed packet in an addressable data 
stream. 

At the specific subscriber receiver 
unit, the received encrypted common audio key—- 
1s decrypted using the unique block cipher 
algorithm which employs the factory pre-loaded 
subscriber unit signature key as the decryption 
key. The resulting common decryption key is 
then used to decrypt the audio signal. 

The Integrity of the three key system 
depends on the effectiveness of the security 
measures employed to keep the master factory 
key safe from independent discovery or 
unauthorized use. In contrast to this, prior 
art systems require .that' a unique key for 
each subscriber unit be protected at the 
transmission end. The system now describee 
provides comparable security, but eliminates 

the necessity for protecting a separate key 
for each subscriber unit. In the present 
system, only a single key, the master factory 
key, need be protected at the transmission 
end. 
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Since the direct broadcast satellite 
network in which the cryptographic system 
is employed is -designed 

to accommodate 2-3 million different subscriber 
5 receiver units, the necessity of previous 
cryptographic systems for protecting the 
different key for each subscriber unit 1s. quite 
burdensome. The three key cryptographic system 

now proposed eliminates this problem 

10 entirely as 1t requires only a single master 
factory key be protected. 

As seen in Fig. 1, the audio channel 
inputs AUDIO 1 and AUDIO 2 form the inputs to 
a delta modulator and multiplexer 10 of 

15 conventional design. The digitized output from 
modulator 10 1s encrypted in an audio stream 
encryption circuit 12. The output of encryption 
circuit 12 is the encrypted audio signal which 
forms a portion of a data stream. The data 

20 stream illustrated in Fig. 4 is Inserted into 
the horizontal blanking intervals of the 
composite television signal which is transmitted 
via satellite from the transmission end to each 
of the subscriber receiver units. 

25 The digitized audio signal 1s encrypted 

using a common audio key generated by a common 
audio key generation circuit 14. The common 
audio key generating circuit 14 has capability 
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for changing the common audio key periodically, 
either on a program-by- program basis or on a 
time basis such as hourly, daily, etc. 

The common audio key is transmitted 
in encrypted form to each subscriber unit. The 
encrypted common audio key is individualized 
for each unit. Each of the individualized 
encrypted common audio keys, one of which is 
present for each subscriber receiver unit, is 
placed in a different addressed portion of the 
data stream- These portions of the data stream 
can be received only by the particular 
subscriber unit for which the individualized 
encrypted common audio key is intended. 

Each individualized encrypted common 
audio key is generated through the use of a 
subscriber unit signature key. The subscriber 
unit signature key is unique to a particular 
unit. Each i ndi vi dual i zed encrypted common 
audio key is generated by encrypting the common 
audio key using the unique subscriber unit 
signature key in a block cipher algorithm 

circuit!6. 

Each unique subscriber unit signature 

key is based on the subscriber unit address 
number for the subscriber unit to which the 
portion of the data stream including the 
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individualized encrypted common audio key is 
addressed. Mo re s pec i f i ca 11 y , each unique 
subscriber unit signature key is derived by 
encrypting the subscriber unit address number, 
stored in a memory 18, using the master factory 
key, stored in a master factory key memory 20, 
in an encryption circuit 22 which employs the 
Data Encryption Standard algorithm. 

As shown in Fig. 2, the transmitted 
encrypted audio signal 1s extracted from the 
data stream in the horiz ontal blanking 
intervals of the received composite television 
signal and forms an input to an audio stream 
decryption circuit 24. The encrypted audio 
15 signal will be decrypted using the common 

audio key. The common audio key is derived 

from the individualized encrypted common 

audio key which is transmitted to the receiver. 

The receiver monitors the data stream 
20 in the horizontal blanking intervals until it 
detects the portion thereof with its unique 
address number. The individualized encrypted 
common audio key for the particular subscriber 
unit is then obtained from the addressed 
25 portion. The individualized encrypted common 



30 



NSDOCID:<EP 0179612A2 I > 



22 



01 7961 



audio key is then decrypted in a block cipher 
algorithm circuit 26 and used to decrypt the 
encrypted audio signal, also transmitted i p the 

data stream. 

The subscriber unit signature key 
for the particular subscriber unit is utilized 
as the key for the block cipher algorithm 
circuit 26. The unique subscriber unit 
signature key for each subscriber unit is 
stored in a memory 28 within the unit. The 
unique subscriber unit signature key for the 
particular unit is stored in the unit memory 

inthefactory. 

Fig. 3 schematically depicts the 
factory encoding system. At the factory, the 
subscriber unit address is read from the 
subscriber unit address memory 18 and stored 
in 'the subscriber unit address" memory 32 in 
the subscriber unit. The subscriber unit 
address is encrypted in the Data Encryption 
Standard algorithm circuit 22 using the master 
factory key from memory 20 and is then stored 
in the subscriber unit signature key memory 28 
in the subscriber unit. Later, when signals 
are being transmitted, the master factory key 
from memory 20 is used in the Data Encryption 
Standard algorithm circuit 22 to generate the 
unique subscriber unit signature key for each 
subscriber unit, as described above. 
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Fig. 4 schematically represents the 
transmitted composite TV signal which comprises 
a plurality of active video portions, sync- 
portions, and horizontal blanking portions. 
The data stream is inserted into consecutive 
horizontal blanking portions. 

The data stream includes a run-in 
code for synchronization, an addressable data 
stream portion, the encrypted ■ di gi tlzed audio 
signals, an audio code portion indicating 
whether the audio signals are stereo or bilingual, 
video inversion code, and spare bits. 

The addressable data stream includes 
a header portion, containing information for 
addressing certain groups of subscribers and 
certain program related information common to 
all subscriber units in the addressed group. 
The addressable data stream also includes a 
plurality of addressed packets l...n, each 
containing the address number for a different 
subscriber unit. Each addressed packet also 
contains the individualized common audio key 
for the addressed unit. 

Each subscriber unit captures the 
encrypted audio information, finds a header 
with its group number, and then searches for 
the addressed packet with its address number. 
When the packet with its address number is 
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located, the unit obtains the individualized 
common audio key therein and uses it, in 
conjunction with the unique subscriber unit 
signature key stored 1n the unit to decrypt 

the audio signals. 

It will now be appreciated that the 

three key cryptographic system that has "been 
described permits the secure distribution of 
digitized signals to a large number of 
subscriber units without the necessity for 
storing a different key for each subscriber 
unit. Only a single roaster factory key most 
be protected 1n order to maintain the 
Integrity of the entire system. 

Moreover, there is nothing stored 
in any particular subscriber unit which, if 
obtained, would permit the cryptographic system 
to be broken. Even interception and analysis 
of all individualized encrypted common audio 
keys will not provide information concerning 
the master factory key. Further, periodically 
changing the common audl'o key-further increases 
the security of the system. 
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CLAIMS: 



'1- A cryptographic system for 

«. trlbBtlon of inforroatlon from 

transmission node to first 

iirst and second 

receiver node<= PSf -h v„ 

u „ <r , , ' ° h recelver node having a 

UWqUe address "umber, the system chara.f • 



key; 



means' (14) f or qenerafi'nn 

yenerating a common 



mat 



ion t <12> th. infor- 

™ to be distributed UE i„ g said „„„„ 

* Mns < 20 ' 22) for generate , 



different individual key for each receiver node, 
said individual key generating means comprising 
a master key (20) and means (22) for encrypting 
the address number for each receiver node using 
said master key; 

means (16) for forming an individualized 
encrypted common key for each receiver node by 
encrypting the common key using the generated 
individual key for that receiver node; and 

means for distributing said encrypted, 
information to all receiver nodes and the 
individualized encrypted common key for each 
receiver node to that receiver node. 

2. The system of Claim 1, characterized 
in that said address number encrypting means (22) 
comprises the Data Encryption Standard algorithm. 

3. The system of Claim 1, characterized 
in that said common key encrypting means (16) 
comprises a block cipher algorithm. 

4. The system of Claim 1, characterized 
in that said means (16) for forming an individual 
encrypted common key for each receiver node 
comprises means for selecting each receiver node 
in sequence, for generating the individual key for 
the selected receiver node and means for generating 
the encrypted common key for the selected receiver 
node using the generated individual key for the 



15 



20 



25- 



30 



01 7961 2 



selected receiver node 



5 



in that ■« „ ° f C1Slm ch =««erized 

n that said attributing means ™ piises mean£ 

for generating a data stream, saia data stream 

C °' nSi " 5 -crypt-a information and addressed 

portions, each of said addressed portions 
comprising the address number and individualize 
encrypted common key for an addressed receiver 
J-0 node. 



6. The system of claim 5, characterized 
« that said information to be communicated 
comprises a digitized signal and is distributed by 
a composite television signal including video 
ZTl 1 fr ti0n£ horizont ^ blanking intervals 

is ins" , I Cha " Ct " 1 - a in ^ «« aata stream 
» inserted into said horizontal blanking intervals 



in th»* I SyStem ° £ C1=ira characterized 

th f eaCh "«"er node has a unicue individual 
key stored therein (28 > and further comprising 
—n. for receiving said encrypted information, 

22 S T reCeiVln * the i^ividuaHzed encrypted 
common key for that node", means (Jfil , „ 

. " eMS <26) for decryptinq 

the received individualized encrypted common Zy 
"sing the stored individual key and. means (24) for 
aecryptang said received encrypted information 
using said decrypted common key. 
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8. The system of Claim 7, characterised, 
in that said encrypted common key decrypting means 
(26) comprises a block cipher algorithm. 

9. The system of Claim 1, further 
characterized by means (14) for periodically changing 
said common key. 

10. The system of Claim 1, characterized 
in that said information encrypting means (12) 
comprises a stream cipher algorithm. 

11- The system of Claim 7, characterized 
in that information decrypting means (12) comprises 
a stream cipher algorithm. 

12. A three key cryptographic system 
for secure distribution of information from a 
transmission node to a plurality of receiver 
nodes wherein a first key is known only to the 
transmission node and each receiver node has a 
unique address number and a pre-stored second key, 
the transmission node characterized by means (22) 
for generating the second key for a selected" 
receiver node by encrypting the address number 
for the selected node with the first key, means (14) 
for generating a third key, means (12) for 
encrypting the information to be distributed with 
said third key, means (16) for encrypting said 
third key for use by said selected receiver node 
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with said generated second key, means for distribut- 
ing said encrypted information to all of said ' 
receiver nodes, and means for distributing said 
encrypted third key to said selected receiver node. 

13. The system of Claim 12, characterized 
; n that each ° f said "ceiver nodes comprises means 
for receiving said encrypted information, means for 
receiving said encrypted third key for that receiver 
node, means (26) for decrypting said received 
encrypted third key with the stored second key 
and means (24) for decrypting said received 

encrypted information with said decrypted third 
key. 

1A. The system of Claim 12, characterized 
in that said second key generating means (22) 
comprises a Data Encryption Standard algorithm. 

15. The system of Claim 12, characterized 
in that said third key encrypting means (16) 
comprises a block cipher algorithm. 

16. The system of Claim 13, characterized 
in that said third key decryption means (16) 
comprises a block cipher algorithm. 

17. The system of Claim 12, characterized 
xn that said third key generating means (14, 16) 
comprises means (14) for periodically changing said 
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third Key. 

18. The system of Claim 12, characterized 
in that said inf ormat ion encryption means (12) 
comprises a stream cipher algorithm. 

19. The system of Claim 13, characterized 
in that said information decrypting means (12) 
comprises a stream cipher algorithm. 

20. The system of Claim 12, characterized 
in that the stored second key is unique for each 
receiver node. 

21. The system of Claim 12, characterized 
in that the stored second key for each receiver 
node is a function of the address number of that 
receiver node. 

22. A three key cryptographic method 
for secure information distribution from a 
transmission node to a plurality of receiver 
nodes wherein a first key is known only to the 
transmission node and each receiver node has a 
unique address number and a pre-stored unique 
second key which is a function of its address 
number, the method characterized by the steps 
of generating the second key for a selected 
receiver unit by encrypting the address number 
for the selected unit with the first key. 
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generating a third key, encrypting the informa- 
tion to be distributed with the third key, 
encrypting the third key with the generated 
second key, distributing the encrypted 
information to all receiver nodes, distributing 
the encrypted third key to the selected receiver 
node; receiving the distributed encrypted 
information and the encrypted third key at 
the selected receiver node, and decrypting 
the received encrypted information using the 
received encrypted third key and the stored 
second key for the selected receiver node. 

23. The method of Claim 22, characterized 
m that the step of decrypting the received 
encrypted information comprises the steps of 
decrypting the encrypted third key using the 
stored second key for the selected receiver node 
and decrypting the encrypted information using 

the decrypted third key. 

24. The method of Claim 22, characterized 
in that the step of generating the second key 
comprises the step of encrypting the address- number 
for the selected receiver node with the first key 
through the Data Encryption Standard algorithm. 
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25. The method of Claim 22, characterized 
in that the step of encrypting the third key 
comprises encrypting the third key vi.th the second 
key through a block cipher algorithm. 

26. The method of Claim 22, characterized 
in that the step of encrypting the information 
comprises the step of encrypting the information 
with said third key through a stream cipher 
algorithm. 

27. The method of Claim 23, characterized 
in that the step of decrypting the third key 
comprises the step of decrypting the third key 
using the stored second key for the selected receiver 
node through a block cipher algorithm. 

28. The method of Claim 22, characterized 
in that the step of decrypting the information 
comprises the step of decrypting the information 
with the decrypted third key through a stream 
cipher algorithm. 

29. Apparatus for encrypting digitized 
signals in a direct broadcast satellite 
communications system including a transmission 
node and a plurality of receiver nodes, each 
receiver node having an address number- and a 
pre-stored signature key which is a function of 
its address number, the apparatus characterized 
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15 



20 



25 
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by: means (14) for Generating a common key; 
means (12 for encrypting the digitized signals 
with said common key; means (18, 20, 22) for 
generating the signature key for a selected unit • 
said signature key generating means comprising, 
a master key (20) and means (22) for encrypting 
the address number of said selected receiver node 
using the master key; means (16) for encrypting 
said common key for use by the selected receiver 
node using the generated signature key for that 
receiver node; means for distributing the encrypted 
dagxtazed signals and the encrypted common key 
for said selected receiver node to said selected 
receiver node by means of a data stream comprising 
a first portion containing the encrypted digitized 
signals and receivable by all receiver nodes and 
e second portion comprising a plurality of sub- 
portions, each of said sub-portions comprising the 
encrypted common key for a different receiver node 
and receivable only by the receiver node having 
the address number upon vhich the encrypted common 
key therein is based. 

30. A cryptographic method for secure 
distribution of information from a transmission 
node to first and second receiver nodes, each 
receiver node having a unique address number, the 
method characterized by the steps of: 

generating a common key; 
encrypting the information to be 
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distributed using saia common key; 

generating a different individual key 
for each receiver node using a master key and 
encrypting- the address number for each receiver 
node with the master kay ; 

forming an individualized encrypted 
common key for each receiver node by encrypting 
the common key using the generated individual 
key for that receiver node; and 

distributing the information to all 
receiver nodes and the individualized encrypted 
common key for each receiver node to that 
receiver node. 

31. A method for encrypting digitized 
signals in a direct broadcast satellite 
communications system including a transmission 
node and a plurality of receiver nodes, each 
receiver node having an address number and a 
pre-stored signature key which is a function of 
its address number, the method characterized by 
the steps of: generating a common key; 
encrypting the digitized signals with the common 
key; generating the signature key -for a selected 
unit using a master key and encrypting the 
address number of the selected receiver node 
using the master key; encrypting said common key 
for use by the selected receiver node using the 
generated signature key for that receiver node; 
distributing the encrypted digitized signals and 
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the encrypted common key for the selected 
receiver node to the selected receiver node by 
generating a data stream comprising a first 
portion containing the encrypted digitized 
5 signals, receivable by all receiver nodes and 

a second portion comprising a plurality of sub- 
portions, each of said sub-portions comprising 
the encrypted common key for a different receiver 
node and receivable only by the receiver node 
10 having the address number upon vhich the encrypted 
common key therein is based. 
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© Cryptographic system for direct broadcast satellite network 

© A.hreeke y cryptographic system is used in the transmis- 
sion of digitized signals to a plurality of receivers, each 
(Figure 2) having a unique address number and a factory sto- 
red signature key which is a function of the address number. 
At the transmission end, a common key is generated (14) and 
used to encrypt (16) the signals to be transmitted. The sig- 
nature key is generated (20, 22) for each receiver unit by 
encrypting the address number of the unit (18) using a secret 
master key (20). The common key is then encrypted (16) for 
use by each receiver using the generated signature key for 
that receiver. A data stream is inserted into the horizontal 
blanking intervals of the composite video signal. The data 
stream includes the encrypted signals receivable by all recei- 
vers and addressed portions, each receivable by a different 
receiver, containing the encrypted common key for that 
receiver. The receiver decrypts (26) the common key with the 
stored signature key and uses it to decrypt (24) the signals. 
Only a single master key must be stored and protected. 
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